The link in the email goes to a legitimate hacked site and then loads one or more of these three scripts:[donotclick]ftp.hotwindsaunausa.com/clingy/concord.js[donotclick]katchthedeal.sg/stilling/rifts.js[donotclick]ftp.navaglia.it/gazebo/cowboys.js

The victim is then forwarded to a malware landing page using a hijacked GoDaddy domain at [donotclick]hubbywifewines.com/topic/able_disturb_planning.php hosted on 72.5.102.192 (Nuclear Fallout Enterprises, US) along with another hijacked domain of hubbywifefoods.com.